ScreenShot
| Created | 2021.09.09 09:13 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (malicious, high confidence, Save, ZexaF, kq0@aip1j4G, Kryptik, Eldorado, Attribute, HighConfidence, DropperX, Static AI, Malicious PE, StopCrypt, score, CoinMiner, Glupteba, R440555, Unsafe, Generic@ML, RDML, JU7Zp, jefqKHHJKlMOkD2A, susgen, confidence, 100%) | ||
| md5 | c9ddf1bb09008b98a0a4555724cc6ceb | ||
| sha256 | 51fcc5eebacd36d6c7d517b0fe8d73404bc475a114739be7d734f336212f7157 | ||
| ssdeep | 3072:vp+qZN+CFISgRDrAiASCRd3uyU1nq5lje5T:vFhFIJAXRd3uyU16i5T | ||
| imphash | 6a5b2ed1d2a10243900d033fb59d2b61 | ||
| impfuzzy | 24:qk80Z9YZ3Oovi78slDxYYnHyl6VJt/J3J8XYRv9KvkRTAjMniplu2c5:TZaZ+BFxn26VJthKc9r7Ws2U | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41f000 SetLocalTime
0x41f004 lstrcpynA
0x41f008 InterlockedIncrement
0x41f00c InterlockedDecrement
0x41f010 GetCurrentProcess
0x41f014 GetSystemWindowsDirectoryW
0x41f018 GetEnvironmentStringsW
0x41f01c GetUserDefaultLCID
0x41f020 AddConsoleAliasW
0x41f024 SetEvent
0x41f028 GetSystemDefaultLCID
0x41f02c GetFileAttributesExA
0x41f030 ReadConsoleW
0x41f034 WriteFile
0x41f038 GetCommandLineA
0x41f03c GetEnvironmentStrings
0x41f040 GlobalAlloc
0x41f044 ReadConsoleInputA
0x41f048 CopyFileW
0x41f04c DeleteVolumeMountPointW
0x41f050 GetLocaleInfoA
0x41f054 GetComputerNameExA
0x41f058 VerifyVersionInfoA
0x41f05c WriteConsoleW
0x41f060 GetAtomNameW
0x41f064 GetCPInfoExW
0x41f068 GetProcAddress
0x41f06c GetLongPathNameA
0x41f070 PeekConsoleInputW
0x41f074 VerLanguageNameA
0x41f078 EnterCriticalSection
0x41f07c CreateTapePartition
0x41f080 SetConsoleOutputCP
0x41f084 GetModuleFileNameA
0x41f088 GetOEMCP
0x41f08c SetConsoleTitleW
0x41f090 GetModuleHandleA
0x41f094 Module32NextW
0x41f098 GetCurrentProcessId
0x41f09c FindNextVolumeA
0x41f0a0 LeaveCriticalSection
0x41f0a4 GetStartupInfoA
0x41f0a8 TerminateProcess
0x41f0ac UnhandledExceptionFilter
0x41f0b0 SetUnhandledExceptionFilter
0x41f0b4 IsDebuggerPresent
0x41f0b8 GetModuleHandleW
0x41f0bc TlsGetValue
0x41f0c0 TlsAlloc
0x41f0c4 TlsSetValue
0x41f0c8 TlsFree
0x41f0cc SetLastError
0x41f0d0 GetCurrentThreadId
0x41f0d4 GetLastError
0x41f0d8 Sleep
0x41f0dc HeapSize
0x41f0e0 ExitProcess
0x41f0e4 HeapFree
0x41f0e8 SetHandleCount
0x41f0ec GetStdHandle
0x41f0f0 GetFileType
0x41f0f4 DeleteCriticalSection
0x41f0f8 SetFilePointer
0x41f0fc GetCPInfo
0x41f100 GetACP
0x41f104 IsValidCodePage
0x41f108 FreeEnvironmentStringsA
0x41f10c FreeEnvironmentStringsW
0x41f110 WideCharToMultiByte
0x41f114 HeapCreate
0x41f118 VirtualFree
0x41f11c QueryPerformanceCounter
0x41f120 GetTickCount
0x41f124 GetSystemTimeAsFileTime
0x41f128 GetConsoleCP
0x41f12c GetConsoleMode
0x41f130 RaiseException
0x41f134 HeapAlloc
0x41f138 HeapReAlloc
0x41f13c VirtualAlloc
0x41f140 LoadLibraryA
0x41f144 InitializeCriticalSectionAndSpinCount
0x41f148 RtlUnwind
0x41f14c SetStdHandle
0x41f150 FlushFileBuffers
0x41f154 LCMapStringA
0x41f158 MultiByteToWideChar
0x41f15c LCMapStringW
0x41f160 GetStringTypeA
0x41f164 GetStringTypeW
0x41f168 WriteConsoleA
0x41f16c GetConsoleOutputCP
0x41f170 CreateFileA
0x41f174 CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x41f000 SetLocalTime
0x41f004 lstrcpynA
0x41f008 InterlockedIncrement
0x41f00c InterlockedDecrement
0x41f010 GetCurrentProcess
0x41f014 GetSystemWindowsDirectoryW
0x41f018 GetEnvironmentStringsW
0x41f01c GetUserDefaultLCID
0x41f020 AddConsoleAliasW
0x41f024 SetEvent
0x41f028 GetSystemDefaultLCID
0x41f02c GetFileAttributesExA
0x41f030 ReadConsoleW
0x41f034 WriteFile
0x41f038 GetCommandLineA
0x41f03c GetEnvironmentStrings
0x41f040 GlobalAlloc
0x41f044 ReadConsoleInputA
0x41f048 CopyFileW
0x41f04c DeleteVolumeMountPointW
0x41f050 GetLocaleInfoA
0x41f054 GetComputerNameExA
0x41f058 VerifyVersionInfoA
0x41f05c WriteConsoleW
0x41f060 GetAtomNameW
0x41f064 GetCPInfoExW
0x41f068 GetProcAddress
0x41f06c GetLongPathNameA
0x41f070 PeekConsoleInputW
0x41f074 VerLanguageNameA
0x41f078 EnterCriticalSection
0x41f07c CreateTapePartition
0x41f080 SetConsoleOutputCP
0x41f084 GetModuleFileNameA
0x41f088 GetOEMCP
0x41f08c SetConsoleTitleW
0x41f090 GetModuleHandleA
0x41f094 Module32NextW
0x41f098 GetCurrentProcessId
0x41f09c FindNextVolumeA
0x41f0a0 LeaveCriticalSection
0x41f0a4 GetStartupInfoA
0x41f0a8 TerminateProcess
0x41f0ac UnhandledExceptionFilter
0x41f0b0 SetUnhandledExceptionFilter
0x41f0b4 IsDebuggerPresent
0x41f0b8 GetModuleHandleW
0x41f0bc TlsGetValue
0x41f0c0 TlsAlloc
0x41f0c4 TlsSetValue
0x41f0c8 TlsFree
0x41f0cc SetLastError
0x41f0d0 GetCurrentThreadId
0x41f0d4 GetLastError
0x41f0d8 Sleep
0x41f0dc HeapSize
0x41f0e0 ExitProcess
0x41f0e4 HeapFree
0x41f0e8 SetHandleCount
0x41f0ec GetStdHandle
0x41f0f0 GetFileType
0x41f0f4 DeleteCriticalSection
0x41f0f8 SetFilePointer
0x41f0fc GetCPInfo
0x41f100 GetACP
0x41f104 IsValidCodePage
0x41f108 FreeEnvironmentStringsA
0x41f10c FreeEnvironmentStringsW
0x41f110 WideCharToMultiByte
0x41f114 HeapCreate
0x41f118 VirtualFree
0x41f11c QueryPerformanceCounter
0x41f120 GetTickCount
0x41f124 GetSystemTimeAsFileTime
0x41f128 GetConsoleCP
0x41f12c GetConsoleMode
0x41f130 RaiseException
0x41f134 HeapAlloc
0x41f138 HeapReAlloc
0x41f13c VirtualAlloc
0x41f140 LoadLibraryA
0x41f144 InitializeCriticalSectionAndSpinCount
0x41f148 RtlUnwind
0x41f14c SetStdHandle
0x41f150 FlushFileBuffers
0x41f154 LCMapStringA
0x41f158 MultiByteToWideChar
0x41f15c LCMapStringW
0x41f160 GetStringTypeA
0x41f164 GetStringTypeW
0x41f168 WriteConsoleA
0x41f16c GetConsoleOutputCP
0x41f170 CreateFileA
0x41f174 CloseHandle
EAT(Export Address Table) is none